From 02c7a2ccabf3b21f881faacf286b4308c4ace1bc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 27 Jul 2017 01:13:47 +0200 Subject: multi: mention integer overflow risk if using > 500 million sockets Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683 --- lib/multi.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/multi.c') diff --git a/lib/multi.c b/lib/multi.c index 5753f58f7..217849c5a 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, if(nfds) { if(nfds > NUM_POLLS_ON_STACK) { + /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes + big, so at 2^29 sockets this value might wrap. When a process gets + the capability to actually handle over 500 million sockets this + calculation needs a integer overflow check. */ ufds = malloc(nfds * sizeof(struct pollfd)); if(!ufds) return CURLM_OUT_OF_MEMORY; -- cgit v1.2.3